TRKJ/EdgeAPI
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeAPI.git synced 2025-11-05 01:20:25 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
3c18a7c45cfd8e550b487ed7ebb5a456de889586
EdgeAPI/internal/db/models/ssl_cert_dao.go

243 lines
5.8 KiB
Go
Raw Normal View History

实现证书管理
2020-09-30 17:46:43 +08:00
package models
import (
"encoding/json"
"errors"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
_ "github.com/go-sql-driver/mysql"
"github.com/iwind/TeaGo/Tea"
"github.com/iwind/TeaGo/dbs"
"github.com/iwind/TeaGo/types"
"time"
)
const (
SSLCertStateEnabled = 1 // 已启用
SSLCertStateDisabled = 0 // 已禁用
)
type SSLCertDAO dbs.DAO
func NewSSLCertDAO() *SSLCertDAO {
return dbs.NewDAO(&SSLCertDAO{
DAOObject: dbs.DAOObject{
DB: Tea.Env,
Table: "edgeSSLCerts",
Model: new(SSLCert),
PkName: "id",
},
}).(*SSLCertDAO)
}
var SharedSSLCertDAO = NewSSLCertDAO()
// 启用条目
func (this *SSLCertDAO) EnableSSLCert(id int64) error {
_, err := this.Query().
Pk(id).
Set("state", SSLCertStateEnabled).
Update()
return err
}
// 禁用条目
func (this *SSLCertDAO) DisableSSLCert(id int64) error {
_, err := this.Query().
Pk(id).
Set("state", SSLCertStateDisabled).
Update()
return err
}
// 查找启用中的条目
func (this *SSLCertDAO) FindEnabledSSLCert(id int64) (*SSLCert, error) {
result, err := this.Query().
Pk(id).
Attr("state", SSLCertStateEnabled).
Find()
if result == nil {
return nil, err
}
return result.(*SSLCert), err
}
// 根据主键查找名称
func (this *SSLCertDAO) FindSSLCertName(id int64) (string, error) {
return this.Query().
Pk(id).
Result("name").
FindStringCol("")
}
// 创建证书
func (this *SSLCertDAO) CreateCert(isOn bool, name string, description string, serverName string, isCA bool, certData []byte, keyData []byte, timeBeginAt int64, timeEndAt int64, dnsNames []string, commonNames []string) (int64, error) {
op := NewSSLCertOperator()
op.State = SSLCertStateEnabled
op.IsOn = isOn
op.Name = name
op.Description = description
op.ServerName = serverName
op.IsCA = isCA
op.CertData = certData
op.KeyData = keyData
op.TimeBeginAt = timeBeginAt
op.TimeEndAt = timeEndAt
dnsNamesJSON, err := json.Marshal(dnsNames)
if err != nil {
return 0, err
}
op.DnsNames = dnsNamesJSON
commonNamesJSON, err := json.Marshal(commonNames)
if err != nil {
return 0, err
}
op.CommonNames = commonNamesJSON
_, err = this.Save(op)
if err != nil {
return 0, err
}
return types.Int64(op.Id), nil
}
// 修改证书
func (this *SSLCertDAO) UpdateCert(certId int64, isOn bool, name string, description string, serverName string, isCA bool, certData []byte, keyData []byte, timeBeginAt int64, timeEndAt int64, dnsNames []string, commonNames []string) error {
if certId <= 0 {
return errors.New("invalid certId")
}
op := NewSSLCertOperator()
op.Id = certId
op.IsOn = isOn
op.Name = name
op.Description = description
op.ServerName = serverName
op.IsCA = isCA
op.CertData = certData
op.KeyData = keyData
op.TimeBeginAt = timeBeginAt
op.TimeEndAt = timeEndAt
dnsNamesJSON, err := json.Marshal(dnsNames)
if err != nil {
return err
}
op.DnsNames = dnsNamesJSON
commonNamesJSON, err := json.Marshal(commonNames)
if err != nil {
return err
}
op.CommonNames = commonNamesJSON
_, err = this.Save(op)
return err
}
// 组合配置
func (this *SSLCertDAO) ComposeCertConfig(certId int64) (*sslconfigs.SSLCertConfig, error) {
cert, err := this.FindEnabledSSLCert(certId)
if err != nil {
return nil, err
}
if cert == nil {
return nil, nil
}
config := &sslconfigs.SSLCertConfig{}
config.Id = int64(cert.Id)
config.IsOn = cert.IsOn == 1
config.IsCA = cert.IsCA == 1
config.Name = cert.Name
config.Description = cert.Description
config.CertData = []byte(cert.CertData)
config.KeyData = []byte(cert.KeyData)
config.ServerName = cert.ServerName
config.TimeBeginAt = int64(cert.TimeBeginAt)
config.TimeEndAt = int64(cert.TimeEndAt)
if IsNotNull(cert.DnsNames) {
dnsNames := []string{}
err := json.Unmarshal([]byte(cert.DnsNames), &dnsNames)
if err != nil {
return nil, err
}
config.DNSNames = dnsNames
}
if IsNotNull(cert.CommonNames) {
commonNames := []string{}
err := json.Unmarshal([]byte(cert.CommonNames), &commonNames)
if err != nil {
return nil, err
}
config.CommonNames = commonNames
}
return config, nil
}
// 计算符合条件的证书数量
func (this *SSLCertDAO) CountCerts(isCA bool, isAvailable bool, isExpired bool, expiringDays int64, keyword string) (int64, error) {
query := this.Query().
State(SSLCertStateEnabled)
if isCA {
query.Attr("isCA", true)
}
if isAvailable {
query.Where("timeBeginAt<=UNIX_TIMESTAMP() AND timeEndAt>=UNIX_TIMESTAMP()")
}
if isExpired {
query.Where("timeEndAt<UNIX_TIMESTAMP()")
}
if expiringDays > 0 {
query.Where("timeEndAt>UNIX_TIMESTAMP() AND timeEndAt<:expiredAt").
Param("expiredAt", time.Now().Unix()+expiringDays*86400)
}
if len(keyword) > 0 {
query.Where("(name LIKE :keyword OR description LIKE :keyword OR dnsNames LIKE :keyword OR commonNames LIKE :keyword)").
Param("keyword", "%"+keyword+"%")
}
return query.Count()
}
// 列出符合条件的证书
func (this *SSLCertDAO) ListCertIds(isCA bool, isAvailable bool, isExpired bool, expiringDays int64, keyword string, offset int64, size int64) (certIds []int64, err error) {
query := this.Query().
State(SSLCertStateEnabled)
if isCA {
query.Attr("isCA", true)
}
if isAvailable {
query.Where("timeBeginAt<=UNIX_TIMESTAMP() AND timeEndAt>=UNIX_TIMESTAMP()")
}
if isExpired {
query.Where("timeEndAt<UNIX_TIMESTAMP()")
}
if expiringDays > 0 {
query.Where("timeEndAt>UNIX_TIMESTAMP() AND timeEndAt<:expiredAt").
Param("expiredAt", time.Now().Unix()+expiringDays*86400)
}
if len(keyword) > 0 {
query.Where("(name LIKE :keyword OR description LIKE :keyword OR dnsNames LIKE :keyword OR commonNames LIKE :keyword)").
Param("keyword", "%"+keyword+"%")
}
ones, err := query.
ResultPk().
DescPk().
Offset(offset).
Limit(size).
FindAll()
if err != nil {
return nil, err
}
result := []int64{}
for _, one := range ones {
result = append(result, int64(one.(*SSLCert).Id))
}
return result, nil
}
Reference in New Issue Copy Permalink